Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Caching ClaimsPrincipal during authentication and re-caching FileConfiguration objects in Consul and Disk File configuration repos #1249

Open
wants to merge 10 commits into
base: develop
Choose a base branch
from

Conversation

EngRajabi
Copy link
Contributor

@EngRajabi EngRajabi commented May 30, 2020

New Feature

Cache response access token

Motivation for New Feature

  • Improve performance for cache identity response.
  • Improve performance for cache disk file repository.
  • In large projects and with many simultaneous requests, this cache is required.

@EngRajabi
Copy link
Contributor Author

@TomPallister

Copy link

@Hossein-Edraki Hossein-Edraki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's Good

@raman-m
Copy link
Member

raman-m commented Jul 19, 2023

Hi Mohsen!
Thanks for the PR!

What issue is this PR related to?

@raman-m raman-m changed the base branch from master to develop July 19, 2023 17:38
@raman-m
Copy link
Member

raman-m commented Jul 19, 2023

@EngRajabi commented on May 30, 2020:

improve performance for cache identity response.
improve performance for cache disk file repository.

In comparison to what performance indicators was the current performance improved?
Could you rewrite the description of your feature request please?

@raman-m raman-m self-requested a review July 19, 2023 17:58
@raman-m raman-m added feature A new feature question Initially seen a question could become a new feature or bug or closed ;) needs feedback Issue is waiting on feedback before acceptance waiting Waiting for answer to question or feedback from issue raiser labels Jul 19, 2023
@EngRajabi
Copy link
Contributor Author

I was in an enterprise project that used the reference token type. I had a performance problem. Because in every request, it needs to request the identity of the server. The problem was solved with this cache.

Copy link
Contributor Author

@EngRajabi EngRajabi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

merge conflict

@raman-m
Copy link
Member

raman-m commented Jul 20, 2023

@EngRajabi commented on July 20, 2023

Did you use Service Discovery + Identity Server setup, or classic setup + Identity Server Bearer Tokens?
🆗 We will talk more during code review...

@raman-m
Copy link
Member

raman-m commented Jul 20, 2023

Unfortunately there are no builds for these commits!
So, I cannot start code review without having an actual valid/green build...

@raman-m raman-m force-pushed the feat_accessToken_cache branch from cd5675c to 0561ad5 Compare August 1, 2023 13:21
@raman-m
Copy link
Member

raman-m commented Aug 1, 2023

Mohsen, congrats! 🎉
The feature branch has been rebased onto ThreeMammals:develop successfully!

Now we can go with code review...

And, once again,
What issue is this PR related to?

@raman-m raman-m removed question Initially seen a question could become a new feature or bug or closed ;) waiting Waiting for answer to question or feedback from issue raiser labels Aug 1, 2023
@raman-m raman-m force-pushed the feat_accessToken_cache branch from 4c2b93e to a4e33f4 Compare November 10, 2024 12:21
Copy link
Member

@raman-m raman-m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The primary issue with this PR is the lack of a feature switcher❗

We suggest upgrading the middleware to enforce cache usage, which could be a breaking change for Ocelot applications in production. Therefore, we need to implement the upgrade with the cache turned off by default, and introduce a new JSON option to enable/disable caching as needed.

Additional suggestions include:

  • Implementing unit+acceptance tests to cover the new static CacheTtlSeconds property
  • Developing integration tests with usage of the DefaultMemoryCache{T} caching service

await _next(httpContext);
return;
}

Logger.LogInformation(() => $"The path '{path}' is an authenticated route! {MiddlewareName} checking if client is authenticated...");
var token = httpContext.Request.Headers.Authorization;
var cacheKey = $"{nameof(AuthenticationMiddleware)}.{nameof(IHeaderDictionary.Authorization)}:{token}";
if (!_memoryCache.TryGetValue(cacheKey, out ClaimsPrincipal principal))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are upgrading with enforced use of the cache❗

@@ -42,22 +53,29 @@ private void Initialize(string folder)

public Task<Response<FileConfiguration>> Get()
{
string jsonConfiguration;
var configuration = _cache.Get(CacheKey, region: CacheKey);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enforced use of the cache❗

@@ -49,7 +51,7 @@ public void MiddlewareName_Cstor_ReturnsTypeName()
isNextCalled = true;
return Task.CompletedTask;
};
_middleware = new AuthenticationMiddleware(_next, _factory.Object);
_middleware = new AuthenticationMiddleware(_next, _factory.Object, new MemoryCache(new MemoryCacheOptions()));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enforcing the use of new MemoryCache turns the test into an integration test.

}


// TODO Add integration tests: var aspMemoryCache = new DefaultMemoryCache<FileConfiguration>(new MemoryCache(new MemoryCacheOptions()));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add integration tests!

@raman-m raman-m added Authentication Ocelot feature: Authentication Configuration Ocelot feature: Configuration and removed needs feedback Issue is waiting on feedback before acceptance labels Nov 10, 2024
@raman-m raman-m requested a review from ggnaegi November 10, 2024 14:43
@raman-m raman-m added the Caching Ocelot feature: Caching label Nov 10, 2024
@raman-m raman-m changed the title Feat access token cache Caching ClaimsPrincipalduring authentication and re-caching FileConfiguration objects in Consul and Disk File repos Nov 10, 2024
@raman-m raman-m changed the title Caching ClaimsPrincipalduring authentication and re-caching FileConfiguration objects in Consul and Disk File repos Caching ClaimsPrincipal during authentication and re-caching FileConfiguration objects in Consul and Disk File configuration repos Nov 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Authentication Ocelot feature: Authentication Caching Ocelot feature: Caching Configuration Ocelot feature: Configuration feature A new feature
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants